Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

GDPR

  • 19-01-2022 4:49pm
    #1
    sailing
    Registered Users, Registered Users 2 Posts: 244 ✭✭


    Hi,

    Quick question that someone may be able to answer. My wife recently started working in a pharmacy on a part time basis. She has been asked to input booster vaccination details of people into the HSE portal from home. This means she is using my personal laptop to do this as she hasn’t had one provided by the pharmacy. This has raised a few potential GDPR alarm bells in my head.

    The company I work for have become very GDPR aware in recent years and as such all employees undergo annual training on it, hence my concern here. Should this work be done on an encrypted pharmacy laptop/computer as it’s essentially HSE information about a patients vaccine status? I’ve no issue with her using my own personal one if it’s GDPR compliant etc.


    Thanks



Comments

  • #2
    seamus
    Registered Users, Registered Users 2 Posts: 68,317 ✭✭✭✭seamus


    Mainly depends on where the data is stored. Using a device outside of the sphere of control of the organisation is not ideal, but if there is no data storage taking place, then it's not a problem.

    For example, if she's bringing home a physical copy of details, and then using your laptop to input that data into a HSE portal, then no storage is taking place on your machine aside from potentially some transient caching, but that's not taken to be in scope of GDPR generally.

    If the data is stored in a pharmacy system or email and she's downloading that to your laptop before using it then it's more frowned upon. She has a responsibility to delete the data from your laptop after use, but there is a greater onus on the organisation to not allow data to be stored on unknown/unsecured devices in the first place.

    Huge legal issue? No. Not unless she has all the data on your laptop and it subsequently gets stolen or otherwise exposed.



  • #3
    BattleCorp1
    Registered Users, Registered Users 2 Posts: 516 ✭✭✭BattleCorp1


    https://www.boards.ie/discussion/2058228854/gdpr

    Can you view the booster vaccination details she enters on your computer or is it uploaded using an online portal with a username/password?

    If you can't view the information (e.g. don't have the username/password for the online portal then I don't see any GDPR issues.

    If you can view the personal details, then yes, GDPR issue.



  • #4
    Lenar3556
    Registered Users, Registered Users 2 Posts: 1,712 ✭✭✭Lenar3556


    Nice response from Seamus, and I think captures it very well.

    Not a great practise for a pharmacy to be engaging in, but I wouldn’t envisage any major data protection issue if the laptop is merely a conduit to the HSE portal with no local storage.



Advertisement